STWinterMeeting2016

"Vintermötet" = ST Winter Meeting 2016

The winter meeting will be held at Bokenäs Hav Spa on the 2nd-3rd of February. As usual, there will be talks as well as social activities. We recommend taking bathing suits as Bokenäs has spa facilities and a flashlight for walks.

Abstracts

Solving Linear Integer Constraints by Translation into SAT

I will present a completely new method for solving linear constraints over integers (ILP), that translates the given problem into a SAT problem. The new method thus avoids the explicit and expensive backtracking that is an integral part of most ILP solving methods, and instead makes use of the efficient search procedure that is built-in into a SAT-solver. The method is based on the well-known Omega Test, but is a lot simpler, both for understanding by humans and to implement. The method can be seemlessly integrated into an SMT-solver.

"An extensible information-flow library for external effects"

Existing Information flow tracking tools typically handle a fixed set of effects baked in the tool itself, therefore when used in practice they often need to be extended. Unfortunately these extensions are usually ad-hoc and require security experts knowledge.

We present a calculus to systematically extend IFC languages with external effects and resources, such as references, file systems, email servers.
Our technique is based on two well-known principles (no read-up and no write-down), traditionally employed in operative systems as Mandatory Access Control (MAC) mechanisms.
We demonstrate this technique in a Haskell library, in which developers only need to specify the read and write effects of new primitives.
We have formalised the calculus in Agda and proved that it satisfies termination insensitive non-interference.

"Musings from the new IT program responsible"

From January 1st I have replaced Wolfgang as the new head of the IT program. I would like to take the opportunity to present ongoing changes to the program, as well as some future plans and grand visions, and welcome your input and suggestions.

“What good are formal specifications?”

A high-level overview of my research in verification and
dynamic analysis, with focus on the underlying idea of taking advantage
of simple functional formal specifications to make formal methods
(somewhat) more applicable in practice on realistic programs.

"Loops Fall Apart When One Pulls The Zipper"

Implementation of collection traversal as traversal of its subcollections is a transformation commonly used in scheduling for parallel execution and in optimizing the memory bandwidth utilization. In an imperative language such an implementation is often a nested loop. I demonstrate that in a functional language an equivalent concept is a pair of mutually tail-recursive functions which can be translated to an equivalent imperative nested loop. I will also show that if a collection datatype is a Huet zipper, optimized implementation of its traversal can be derived from the traversal definition mechanically using Dagand-McBride function ornaments.

"Imperative Embedded Languages"

I will give a small tutorial of using the imperative-edsl package. Making your own EDSL for generating C code has never been easier!

“Evolving Privacy Policies for Social Networks”

Protecting users privacy in Social Network Sites (SNS) is a
challenging issue. The privacy policies that SNSs offer today are
focused on *what* information is accessible to *whom*. However, there
are other factors that can be considered for privacy policies, for
instance, *when* the privacy policies must be enforced or *how* (for
which purpose) the information can be accessed. In this talk, I will
present a novel approach to enforcing privacy policies which are
regarded to *when* the private information of a user can be
accessed. For example, a user is be able to write a policy saying "My
boss cannot see the pictures I am tagged in from Friday at 18:00 to
Monday 8:00" or "Nobody can know my location more than 3 times per
day". In order model evolving privacy policies we introduce the notion
of policy automata, which is a an automaton where transitions can be
triggered by events in the SNS or timers, and states describe the set
of privacy policies to be enforced. As a proof-of-concept we have
implemented some examples of evolving policies in the open source SNS
Diaspora*, and we have used the tool LARVA to automatically generate
the corresponding automata for each privacy policy.

“Data Exfiltration in the Face of CSP”

Cross-site scripting (XSS) attacks keep plaguing the Web. Supported by most
modern browsers, Content Security Policy (CSP) prescribes the browser to
restrict the features and communication capabilities of code on a web page,
mitigating the effects of XSS.
This paper puts a spotlight on the problem of data exfiltration in the face of
CSP. We bring attention to the unsettling discord in the security community
about the very goals of CSP when it comes to preventing data leaks.
As consequences of this discord, we report on insecurities in the known
protection mechanisms that are based on assumptions about CSP that turn out not
to hold in practice.
To illustrate the practical impact of the discord, we perform a systematic case
study of data exfiltration via DNS prefetching and resource prefetching in the
face of CSP.

Our study of the popular browsers demonstrates that it is often possible to
exfiltrate data by both resource prefetching and DNS prefetching in the face of
CSP. Further, we perform a crawl of the top 10,000 Alexa domains to report on
the cohabitance of CSP and prefetching in practice. Finally, we discuss
directions to control data exfiltration and, for the case study, propose
measures ranging from immediate fixes for the clients to prefetching-aware
extensions of CSP.

"On Security of Browser Extensions"

Browser extensions enrich user experience, as e.g. witnessed by tens of thousands extensions available in Chrome's web store. However, browser extensions also introduce significant security risks, being de-facto a man-in-the-middle between the user's browser and the web.
This talk describes some insights from an empirical study with all free extensions from Chrome's web store (around 30,000) that demonstrate clashes of security goals of the web pages and the browser.

"Faceted Values for Taint Tracking"

Taint tracking has been successfully deployed in a range of security
applications to track data dependencies in hardware and machine-,
binary-, and high-level code. Precision of taint tracking is key for
its usage in practice: being a vulnerability analysis, false
positives must be minimal for the analysis to have a chance to be
practical.
This paper presents an approach to taint tracking, which does not
involve tracking taints throughout computation. Instead, we include
shadow memories in the execution context, so that a single run of a
program has the effect of computing on both tainted and untainted
data. This mechanism is inspired by the technique of secure
multi-execution, while in contrast to the latter it does not require
running the program multiple times. We present a general framework
and establish its soundness with respect to explicit secrecy, a
policy for preventing insecure data leaks. We show that the
technique can be used for attack detection with no false
positives. We implement the approach by a source-to-source transform
for a core of Java and benchmark its precision and performance with
respect to FlowDroid and TaintDroid, typical representatives of
static and dynamic taint tracking for Java, respectively.